The holidays are upon us, online sales are expected to go through the roof, and more U.S. consumers than ever (68 percent, or roughly 170 million people) plan to buy technological gifts this holiday season. Unfortunately, cybercriminals bank (no pun intended) on heightened shopping excitement and lowered safety practices, thus coming up with more creative ways to make their holiday a prosperous one.

It’s hard to know what holiday scams are out there, let alone how to spot one; we’re here to help. If you’re aware of the dangers and how to spot them, it will give you better security on all your devices, and better peace of mind, as well.

1. Fraudulent Emails

Emails containing false offers for great deals, e-cards containing malware, imitation delivery statuses, and phony shipping confirmations are sent out in bulk this time of year. You’ll get an email with FedEx telling you that there was a problem with your package. Or you’ll open your inbox to find one or more offers that are practically impossible to ignore from a retailer you know. Or you’ll see an email advising you of the shipping status of a package you order from UPS. They can all look real, and a lot of them could be bogus.

Don’t respond to a suspicious email or click on anything in it: No pictures, no links, no buttons, and no banners. If you click on any of the elements, it may activate malware and/or or provide personal information to the scammer. To identify the authenticity of the email content, open a new window and type in the retailer’s address to go directly to the site.

If it’s an e-card as an attachment, don’t open the attachment if you don’t know the sender. Be careful not to click on any links that say, “View the e-card”. Doing either of these could download malware to your computer.

And never give your banking information, social security number, etc. to anyone. A reputable business would never ask you for personal information.

2. Change the Password on Your Cutlery

Image Credit: master_art via Shutterstock

Even a fork can connect to the internet these days, which means it needs a password. That fork, and any smart appliance and device (the Internet of Things), comes with a default one. If there is anything that is going to get your digital life into trouble, it’s a default, hackable password.

3. Don’t Use the Same Password on All Sites

Passwords, passwords. When you sit down at your computer or you pull out your smartphone to shop, you’re going to need a password for all those sites you’re going to visit. Sure, having one password is convenient, but once someone hacks your password on one account, they’ll reap the monetary benefits from all of them.

What to Do: Use a password manager that can be used on your smartphone as well as your computer, i.e. LastPass. This will keep track of your logins and passwords for any site you visit. You don’t even have to type! A few clicks will fill everything in for you so you don’t have to memorize any passwords if you don’t want to.

Bonus Tip: When the site asks you if you want to store your financial details (like your credit card number) on the site to use the next time you’re there, don’t do it. It’s yet another way for a criminal to get his hands on your personal information.

4. Enable Two-Factor Authentication

Speaking of shopping on websites, a lot of them offer two-factor authentication. This provides two layers of authenticity, not just one. The first layer of security is your login and password. Depending on the web site, the second layer of security will be something like a PIN, a second password, or even a voice print.

What to Do: Use two-factor authorization everywhere it’s offered. Some types of businesses, like banks, have automatic two-factor authorization. It’s a lot harder for a hacker to hack through two layers of security than just a password, so enable it whenever you can.

Always look for the little padlock in your address bar and https:// at the beginning of the URL — they show you are on a secure site. Note that the padlock placement in each browser varies a little (see below).

6. Set Up Account Alerts

You may be on top of your device’s security, but cybercriminals are good at what they do. There’s too much money at stake not to be. That being said, you may still get hacked.

What to Do: Set up alerts for your bank accounts. Almost all banks and most credit card companies give you the option to have an alert sent to your smartphone and/or email when there has been any activity on your account, your account is overdrawn or it drops below an certain amount (you set the amount), and more.

Bonus Tip: Go through your bank and credit card statements in detail. A lot of people kind of skim through their statements when they get them each month. Make sure you check each transaction to ensure that it’s legitimate.

7. Watch the Smartphone Downloads

It’s sad, but many apps aren’t safe. In fact, malware is on the rise in smartphones. Downloading that new game you want to try or responding to a text you receive from an unknown sender can get you some harmful malware if you don’t protect yourself.

For safe texting, there’s Signal. Signal provides end-to-end encryption, which turns a sender’s regular text message into a secret one and can only be decoded by the recipient. Thus, every time you send a text, nobody can “see” its contents except the person you texted.

Bonus Tip: When you are installing an app, pay attention to the app needs access to. A lot of apps ask for far too much information than it needs. Don’t give anyone, anywhere too much personal information.

8. Skype and Facebook and Twitter…

Image Credit: quka via Shutterstock

Is there any part of the internet that scammers have missed? The newest scams are being perpetrated through social engineering, which is just a fancy phrase for using social media to get people to cough up their personal details. And boy, is it amped up this time of year!

What to Do: See #1 in this article. Don’t click on anything clickable in the email: pictures, links, buttons, and banners. If you get an email in Skype telling you have a new call, go to Skype itself — don’t just click on the link. If you get a message in Facebook telling you can get a credit card pre-approved just in time for the holidays, go directly to the merchant who is offering the card. It may look like it’s the real thing, but it quite possibly won’t be. Check the real source. You can’t be too careful.

9. False Charities

It’s really sad, but criminals take advantage of people this time of year, knowing that they are more apt to give money to the needy. They falsify charity names or make new (fake) ones, and will do it through email, websites, phone calls, or even text.

What to Do: If you have never heard of the charity, go to the Better Business Bureau (BBB) and look up the name, or not give. It’s that simple. You can always go to your favorite charity’s website, or Google homeless shelters in your area. The point is to never give money to someone who you don’t know.

How does it work? Scammers will put a small device on an ATM or gas pump card reader (it fits on top of the real card reader so you can’t tell it’s fake unless you look for it) that will “skim” the magnetic tape to capture your PIN. This gives the scammer enough information to go shopping online or make an imitation card.

What to Do: When you’re at the ATM or getting gas and go to put in your card, examine the card reader. If it looks at all different, reach out and shake or pull on it. It may pop right off. Take a quick glance at your card when you take it out of the reader. You might see glue around the edges of the card. Report it to the bank or proprietor if it’s at all suspicious.

EMV (Europay, Mastercard, and Visa) is a standard of security that uses a computer chip to encrypt your card’s data. If your card does not have an EMV chip and still has the magnetic strip, call your bank and ask for a new one. You should have one by now.

A web content writer (fancy name for freelance writer) and a self-professed tech nerd, Lori loves anything tech and is happily obsessed with her current smart phone. And football. And chocolate. You can reach Lori anytime by email.